<?php
session_start();
include 'dbc.php';
  
$username=protect($_POST['user']);
$password=protect($_POST['pass']);

$query="select username from users where username='$username' and password='$password'";
$result=mysql_query($query,$con) or DIE(mysql_error());
 if (mysql_num_rows($result) != 1)
        {
            // invalid login information
            echo "Wrong username or password!";
            //show the loginform again.
           ?>
		   <form action="login.php" method="POST" style="border:solid 1px black;padding:20px;text-align:center;">
<h3>Log In</h3>
<p>Username</p>
<input type="text" name="user" /> 
<p>Password</p>
<input type="password" name="pass" />
<br /><br />
<input type="submit" value="Play the Game!" /><br /><br />
<a style="text-align:center;color:green;" href="registration.php"><h3>Register Now!</h3></a>
</form>
<?php
		}
	else
	{
	$row = mysql_fetch_array($result);
	$_SESSION['username']=$row['username'];
	header('Location: main.php');
	
	}
?>